State Department webpages defaced

The defacement of the Our Planet subdomain on the United States Department of State website by Indonesian hacker Dbuzz shows how vulnerable the vast majority of web properties are to subversive ideologues.

The nuisance attack -- reported by hackread -- is akin to spraying graffiti on a business or agency front door: "Hacked by Dbuzz" in the case of the State Department's webpage.

"Dbuzz is either an idealist or a state sponsored actor, most likely, but there's no way to know for sure with such a small footprint," says Robert Hansen, Director of Product Management & Technical Evangelist at WhiteHat Security. "By the sites he's defaced he seems to be less interested in doing harm than showing people their vulnerabilities, so I'd err on the side of saying an idealist. But it's all speculation."

Around the same day he hacked the US Department of State website, Dbuzz also reportedly breached and defaced the official blog domain of USEmbassy.gov.

A State Department spokeswoman confirmed the defacement, and said it was addressed by State website administrators. There were no additional compromises associated with the incident, the spokeswoman said.

Earlier this week, the hacker was also credited with defacing websites of the Indonesian government and those of a Malaysian educational institution. A USA TODAY sports site outside of the news company's website was also breached.

"This is further demonstration of the way that complex infrastructure is easy to attack," says Dr. Mike Lloyd, CTO, RedSeal Networks. "What's unusual in this case is that we know about the attack - that the page was defaced in a way we can see."

Lloyd says that it probably wouldn't take a high level of hacking skill for Dbuzz, or some other low-level hacker, to "put invisible code onto a site like this that infects any machine used to view the compromised site."

Gunter Ollmann, Chief Technology Officer at IOActive, says mass defacements have become commonplace. Poorly configured website content delivery systems and weak administrator passwords have made it easy for so-called script-kiddie hackers to rise once more. These are youngsters who learn how to use coding scripts to make an anonymous splash online, mainly to brag to their friends.

"As organizations farm out the hosting of their websites to cloud providers and other third-party hosting facilities, they often find that their content is hosted on a physical server that also hosts dozens if not hundreds of other websites," Ollmann points out. "Once a server is compromised, all sites hosted on it become collateral damage."

Ollmann says mass defacements are unrelated to the more serious attacks on U.S. banks by Iranian hackers and on U.S. media companies by Syrian hackers, which are driven by more serious political and criminal imperatives. "For Dbuzz it's just a scorecard," he says.

Andrew Hay, Director of Applied Security Research at CloudPassage, agrees. "Dbuzz doesn't appear to be that prominent, more of an opportunistic website defacer," says Hay. "The messages do not appear to be politically or religiously motivated, simply a proof of exploitation for the world to see."

Sean Sullivan, Security Advisor at F-Secure, adds about Dbuzz: "I've never heard of the guy -- but no wonder if all he's doing is defacements -- surface level stuff. Looks like he has an impressive track record of defacements though."